The massive malware mine that is McAfee released its quarterly Threats Report earlier this week and, as usual, there’s enough data therein to launch a dozen blogs; however, to summarize: online threats are getting more pervasive and harder to spot, driven by catalysts such as social networking and massive botnets.
That’s hardly anything new but McAfee’s report offers up some pretty interesting details of the continued evolution of these uber-trends throughout the research paper, and says that within the context of the larger trends, there have been noticeable shifts occurring across the cyber-threat landscape so far this year.
First, the good news: While other researchers have reported that spam is at the same levels that it was running before the well-publicized shutdown of shady hosting provider McColo, McAfee’s figures indicate that unsolicited e-mail is still a good 30 percent below its former high water mark.
That said, the security software company found that spam levels were extremely high during Q1 2009 and McAfee thinks it won’t be long until spam volumes rebound to their peak. So, plan to keep deleting unwanted ads for male enhancement products for now… or more likely, you know, forever.
Compared with the same quarter a year ago, overall volumes were 20 percent lower in Q1 2009 and 30 percent below the third quarter of 2008, which had the highest quarterly spam volumes recorded to date. McAfee estimates that spam has recovered about 70 percent since McColo.
Much of the spam of course carries malware, or more likely links to malware infected Web sites. And where is it all coming from? Endpoints that have already been infected and added to massive botnets, of course.
Botnets continue to surge in general, McAfee reports. In Q1 alone the company said that it detected an all time-high 12 million new IP addresses operating in botnets, representing a significant increase over 2008, jumping nearly 50 percent. The third quarter of 2008 held the previous record for newly discovered zombies, but the record was smashed by over one million over the first three months of 2009.
“Although the spam volume levels have not yet recovered from the McColo shutdown, the activity level of new zombies indicates that the spammers are working hard to regain the infrastructure lost and that volumes will return to previous levels sometime soon,” researchers said in the report.
According to McAfee’s results, China and the U.S. have traded the top spot over the past three quarters for the most infected zombie PCs, with the U.S. leading the way with 18 percent during Q1. Interestingly Australia has gone from nowhere in sight to third worldwide. McAfee theorizes that for some reason the country has become a proving ground for botnet attackers.
Infected Web sites remain a major culprit in the worldwide malware trade, and McAfee said that most well known online attacks only grew in scope during Q1, with attackers taking advantage of interest in the global economic uncertainty and other breaking news to lure people to their pages.
URLs of all varieties, based in nearly every corner of the world, have become proxies for malware threats, the company maintains.
“Sites with malicious reputations vary considerably in their aims, whether legitimate, shady, or scams. You’ll still run a higher risk when visiting a porn or gambling site that is not associated with a recognized and legitimate business. However, any site is vulnerable, and any type of content that a user may want to access is an opportunity for malware distributors to exploit,” researchers said.
Content servers, both those nefarious by design and those hijacked by attackers, have become a growing presence on the scene, along with the use of so-called anonymizers, or tactics aimed at disguising malware schemes online, including site redirections, McAfee notes.
Hacked social networking, or Web 2.0 sites have also become a growing issue. The big problem with Web 2.0 is the level of trust that users place in the systems, through which they have maintained and established friendships.
For instance, McAfee noted that Koobface variants took thousands of users by surprise during Q1 as they received the virus from their contacts on Facebook.
Attackers also continue to target their victims with threats authored in the same languages they speak, the researchers noted.
So, in summary, according to McAfee business in the malware industry has pretty much taken off or stayed the same in ’09.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to [email protected].